The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Grafana

crewjam/saml: privilege escalation via XML Round-Trip Unpreserved Semantics
An attacker can bypass restrictions via XML Round-Trip Unpreserved Semantics of crewjam/saml, in order to escalate his privileges...
29875, CVE-2020-27846, FEDORA-2020-64e54abd9f, FEDORA-2020-968067abfa, GHSA-4hq8-gmxx-h6w9, VIGILANCE-VUL-34238
Grafana: vulnerability via notifications
A vulnerability via notifications of Grafana was announced...
VIGILANCE-VUL-33971
Grafana: file reading via MySQL Connection String
A local attacker can read a file via MySQL Connection String of Grafana, in order to obtain sensitive information...
CVE-2019-19499, RHSA-2020:4682-01, VIGILANCE-VUL-33197
Grafana: Cross Site Scripting via Snapshot Original Dashboard Link
An attacker can trigger a Cross Site Scripting via Snapshot Original Dashboard Link of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-11110, RHSA-2020:4682-01, VIGILANCE-VUL-32929
Grafana: information disclosure via Avatar HTTP Scan
An attacker can bypass access restrictions to data via Avatar HTTP Scan of Grafana, in order to obtain sensitive information...
CVE-2020-13379, FEDORA-2020-a09e5be0be, FEDORA-2020-e6e81a03d6, openSUSE-SU-2020:0892-1, openSUSE-SU-2020:1105-1, openSUSE-SU-2020:1611-1, openSUSE-SU-2020:1646-1, RHSA-2020:2641-01, RHSA-2020:2676-01, VIGILANCE-VUL-32406
Grafana: Cross Site Scripting via Dashboard Settings
An attacker can trigger a Cross Site Scripting via Dashboard Settings of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18625, VIGILANCE-VUL-32402
Grafana: Cross Site Scripting via Table Panel Set Column Styles
An attacker can trigger a Cross Site Scripting via Table Panel Set Column Styles of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18624, RHSA-2020:4682-01, VIGILANCE-VUL-32401
Grafana: Cross Site Scripting via Text Panel Set Options
An attacker can trigger a Cross Site Scripting via Text Panel Set Options of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2018-18623, VIGILANCE-VUL-32400
Grafana: Cross Site Scripting via OpenTSDB Data Source
An attacker can trigger a Cross Site Scripting via OpenTSDB Data Source of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-13430, RHSA-2020:4682-01, VIGILANCE-VUL-32327
Grafana: information disclosure via /var/lib/grafana
An attacker can read /var/lib/grafana on a Grafana host, in order to obtain sensitive information...
8283, CVE-2020-12458, CVE-2020-12459, FEDORA-2020-c6b0c7ebbb, FEDORA-2020-d109a1d1d9, RHSA-2020:4682-01, VIGILANCE-VUL-32155
Our database contains other pages. You can request a free trial to read them.

Display information about Grafana: